United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 1 3- 1 450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE \ 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


10/551,003 


04/03/2006 


Azman Bin H J Zahari 


05-649 


1412 



34704 7590 05/04/2007 

BACHMAN & LAPOINTE, P.C. 
900 CHAPEL STREET 
SUITE 1201 

NEW HAVEN, CT 06510 



EXAMINER 



LAFORG1A, CHRISTIAN A 



ART UNIT 



2131 



PAPER NUMBER 



MAIL DATE 



DELIVERY MODE 



05/04/2007 PAPER 

Please And below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary 


Application No. 

10/551,003 


Applicant(s) 

ZAHARI, AZMAN BIN H J 


Examiner 

Christian La Forgia 


Art Unit 

2131 





- The MAILING DA TE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)[X] Responsive to communication(s) filed on 27 September 2005 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) El Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 1-18 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 27 September 2005 is/are: a)E3 accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)^ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)IEl All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received, 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. [X] Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-18 have been presented for examination. 

Priority 

2. Acknowledgment is made of applicant's claim for priority. 

Information Disclosure Statement 

3. The information disclosure statement (IDS) submitted on 27 September 2005 is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner has considered the 
information disclosure statement. 

4. The information disclosure statement filed 03 April 2006 appears to be a duplicate of the 
IDS submitted on 27 September 2005. It has been placed in the application file, but the 
information referred to therein has already been considered in the IDS of 27 September 2005. 

Specification 

5. The following guidelines illustrate the preferred layout for the specification of a utility 
application. These guidelines are suggested for the applicant's use. 



Arrangement of the Specification 

As provided in 37 CFR 1 .77(b), the specification of a utility application should include 
the following sections in order. Each of the lettered items should appear in upper case, without 
underlining or bold type, as a section heading. If no text follows the section heading, the phrase 
"Not Applicable" should follow the section heading: 

(a) TITLE OF THE INVENTION. 

(b) CROSS-REFERENCE TO RELATED APPLICATIONS. 

(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR 

DEVELOPMENT. 

(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT. 

(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A 

COMPACT DISC. 

(f) BACKGROUND OF THE INVENTION. 
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(1) Field of the Invention. 

(2) Description of Related Art including information disclosed under 37 CFR 1.97 
and 1.98. 

(g) BRIEF SUMMARY OF THE INVENTION. 

(h) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S). 

(i) DETAILED DESCRIPTION OF THE INVENTION. 

(j) CLAIM OR CLAIMS (commencing on a separate sheet). 

(k) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet). 

(1) SEQUENCE LISTING (See MPEP § 2424 and 37 CFR 1.821-1.825. A "Sequence 
Listing" is required on paper if the application discloses a nucleotide or amino 
acid sequence as defined in 37 CFR 1.821(a) and if the required "Sequence 
Listing" is not submitted as an electronic document on compact disc). 

The disclosure is objected to because it does not provide for any of the abovementioned section 

headings. 

6. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

8. Claims 1, 2, 5-1 1, 14, and 15 are rejected under 35 U.S.C. 102(b) as being anticipated by 
U.S. Patent No. 5,657,388 to Weiss, hereinafter Weiss. 

9. As per claims 1 and 14, Weiss teaches system for secure communication across a 
communication network comprising: 

a personal code generation means having one or more identification codes and one or 
more encryption codes (Figure 1 [blocks 12, 14, 50], column 2, lines 57-64, i.e. token processor 
is utilized to generate a one-time, non-predictable code and inferring an encryption key), the or 
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each identification code and the or each encryption code being arranged to change with time 
(column 3, lines 7-11, i.e. time- varying); and 

a code server including the or each identification code and the or each encryption code 
(Figure 1 [blocks 16, 60], column 5, lines 4-20), the code server being synchronized with the 
personal code generation means such that the or each identification code of the code server and 
the or each encryption code of the server change independently of and in synchronization with 
the or each identification code of the personal code generation means and the or each encryption 
code of the personal code generation means (column 5, line 60 to column 6, line 15); 

wherein a user transmits across the communication network (column 5, lines 4-5), the or 
each identification code of the personal code generation means and data encrypted with the or 
each current encryption code of the personal code generation means and the code server uses the 
or each identification code of the code server to authenticate the user and the or each encryption 
code of the code server to decrypt the transmitted data (column 2, lines 57-65, column 6, lines 
16-28, i.e. inferring the encryption key in order to decrypt data to permit user access to the 
encrypted data; see figure 2 of U.S.P.N. 5,237,614 as incorporated by reference by Weiss). The 
Applicant is directed to the discussion of multiple reference 102 rejections at MPEP § 2131.01. 

10. Regarding claims 2 and 15, Weiss incorporates U.S.P.N. 5,237,614 at column 2 lines 64- 
65. U.S.P.N. 5,237,614 teaches wherein the code server communicates to the user following 
authentication of the user by transmitting data across the communication network to the user 
encrypted with the or each encryption code of the code server (Figure 2 [block 52], column 9, 
lines 1 5-35) and the user decrypts the data transmitted by the code server with the or each 
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encryption code of the personal code generation means (Figure 2 [block 56], column 9, lines 36- 
51). 

1 1 . Regarding claim 5, Weiss teaches wherein the personal code generation means comprises 
a personal portable token (Figure 1 [blocks 12, 14], column 4, lines 27-49). 

1 2. With regards to claim 6, the Examiner interprets a pendant as any hanging ornament, as 
an earring or the main piece suspended from a necklace. The definition courtesy of 
Dicdonary.com Unabridged (v 1.1). Random House, Inc. 23 Apr. 2007. <Dictionary.com 
http://dictionary.reference.com/browse/pendant>. The Examiner contends that it is well known 
in the art that the personal portable token is a pendant and Official Notice is taken of such. 

13. With regards to claim 7, Weiss teaches wherein the personal portable token is a card 
(column 2, lines 18-34). 

14. With regards to claim 8, Weiss teaches wherein the personal code generation means 
includes a communication port to communicate the or each identification code of the personal 
code generation means and the or each current encryption code of the personal code generation 
means to a user's computer (column 5, lines 21-37). 
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15. Regarding claim 9, Weiss teaches wherein the personal code generation means comprises 
software residing on a user's computer (column 2, lines 46-56, column 4, lines 44-58, i.e. 
machine readable form). 

16. With regards to claim 10, Weiss teaches wherein the personal code generation means 
includes a display means (column 4, lines 46-49, i.e. laptops, notebook computers, and PDA 
devices all have display means). The Examiner contends that it is well known in the art that the 
display means displaying the or each identification code of the personal code generation means 
and the or each encryption code of the personal code generation means and Official Notice is 
taken of such. 

17. With regards to claim 11, Weiss teaches wherein the personal code generation means 
comprises a smart card having an initialization code known to the code server and software 
residing on a user's computer (column 2, lines 18-34), the software being capable of generating 
the or each identification code and the or each encryption code based on the initialization code 
and a reference clock (column 7, lines 49-60), the code server also being capable of generating 
the or each identification code and the or each encryption code based on the initialization code 
and the reference clock (column 5, line 60 to column 6, line 15). 

Claim Rejections - 35 USC § 103 

18. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the- differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 



Application/Control Number: 10/551 ,003 Page 7 

Art Unit: 2131 

having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

19. Claim 3, 4, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Weiss. 

20. Regarding claim 3, 4, and 16, Weiss teaches wherein the code server stores information 
including a username and password assigned to the owner of the personal code generation means 
and the password is transmitted across the communication network and the code server uses the 
password to authenticate the user as the owner (column 1 , lines 42-57). 

2 1 . Weiss does not teach that the username and password is transmitted with the or each 
identification code of the personal code generation means and the data encrypted with the or 
each encryption code and the code server uses the password to authenticate the user as the owner 
of the personal code generation means of the personal code generation means. 

22. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to transmit the username and password with the identification code and encryption 
code and using the password to authenticate the user, since Weiss teaches at column 2, lines 11- 
1 8 that varying the token information improves the security, as well as provides at least two 
forms of authentication of the user thereby providing better security. 

23. Claims 12, 13, 17 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Weiss in view of U.S. Patent No. 6,981,141 to Mahne et al., hereinafter Mahne. 

24. As per claims 12 and 1 7, Weiss teaches a system for securely accessing data stored in an 
encrypted form on a storage means accessible by a communication network comprising: 

a personal code generation means having one or more identification codes and one or 
more encryption codes (Figure 1 [blocks 12, 14, 50], column 2, lines 57-64, i.e. token processor 
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is utilized to generate a one-time, non-predictable code and inferring an encryption key), the or 
each identification and the or each encryption code being arranged to change with time (column 
3, lines 7-11, i.e. time-varying); 

a code server including the or each identification code and the or each encryption code 
(Figure 1 [blocks 16, 60], column 5, lines 4-20), the code server being synchronized with the 
personal code generation means such that the or each identification code of the code server and 
the or each encryption code of the server change independently of and in synchronization with 
the or each identification code of the personal code generation means and the or each encryption 
code of the personal code generation means, the code server also having a previous archiving 
code being the archiving code last used to encrypt the key archive and a current archiving code 
being arranged to change with time (column 5, line 60 to column 6, line 15); 

wherein when a user wishes to access the or each stored data file, the user transmits 
across the communication network (column 5, lines 4-5), the or each identification code of the 
personal code generation means and data including a request to access the stored data files 
encrypted with the or each encryption code of the personal code generation means and the code 
server uses the or each identification code of the code server to authenticate the user and the or 
each encryption code of the code server to decrypt the transmitted data and the code server 
communicates to the user the previous archiving code in encrypted form using the or each 
encryption code of the code server so that the user may decrypt the data to provide access to the 
stored data files (column 2, lines 57-65, column 6, lines 16-28, i.e. inferring the encryption key 
in order to decrypt data to permit user access to the encrypted data; see figure 2 of U.S.P.N. 
5,237,614 as incorporated by reference by Weiss). 
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25. Weiss does not teach a key archive associated with the personal code generation means 
and with one or more data files on the storage means, the key archive having information 
including the location of the data files and the encryption codes with which each of the data files 
is encrypted, the key archive being encrypted with an archiving code; and decrypting the key 
archive providing access to the stored data files. 

26. Mahne discloses a key table stored on a smart card which stores encryption keys used to 
decrypt files (column 8, lines 56-67, column 9, lines 43-50). 

27. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to include a key archive associated with the personal code generation means and with 
one or more data files on the storage means, the key archive having information including the 
location of the data files and the encryption codes with which each of the data files is encrypted, 
the key archive being encrypted with an archiving code; and decrypting the key archive 
providing access to the stored data files, since Mahne states at column 3, line 65 to column 4, 
line 2 that incorporating the key archive would provide an easy to use and inexpensive 
technology that would allow users to conveniently access encrypted documents and files. 

28. Regarding claims 13 and 18, Mahne teaches wherein when the code server transmits to 
the user the previous archiving code, the code server also transmits the current archiving code 
and the user then uses the current archiving code to encrypt the key archive when the user has 
completed accessing the stored data files and the code server stores the current archiving code as 
the previous archiving code for future access to the store data files (column 8, lines 56-67, 
column 9, lines 43-50). 
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Conclusion 

29. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

30. The following patents are cited to further show the state of the art with respect to one- 
time code tokens, such as: 

United States Patent No. 7,127,088 to Grajewski et al., which is cited to show verifying ' 
the personal identity of an authorized user using a token. 

United States Patent No. 7,178,041 to Asokan et al., which is cited to show synchronizing 
a counter between a server and a client. 

United States Patent No. 6,466,780 to Geiselman et al., which is cited to show identifying 
and minimizing the impact of cloned devices. 

United States Patent No. 6,766,161 to Geiselman et al., which is cited to show identifying 
and minimizing the impact of cloned devices. 

United States Patent No. 6,561,430 to Ou, which is cited to show a smart card with 
display means. 

United States Patent No. 6,592,044 to Wong et al., which is cited to show a smart card for 
generating useful information for commercial and security related transactions. 

. United States Patent No. 5,478,994 to Rahman et al., which is cited to show a secure 
credit card that generates one-time codes. 

United States Patent No. 5,627,355 to Rahman et al., which is cited to show a secure 
credit card that generates one-time codes for transactions. 
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United States Patent No. 5,367,572 to Weiss, which is cited to show a patent co-related to 
the patent used to reject the claims. 

3 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

32. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

33. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 



information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Christian LaForg: 
Patent Examiner/ 
Art Unit 2131 V 




